The malicious link that set off antivirus alarm bells when people tried to visit Blue Shield California downloaded javascript content from a domain called linkojagerorg. Who exactly gets paid when those ads are shown or clicked is not clear, but there are a few clues about who’s facilitating this. When that altered HTML content is saved and published to the Web, the hidden javascript code causes a visitor’s browser to display ads under certain conditions. In that case, the extension silently adds a request for a javascript link to the end of whatever the user types and saves on the page. How did a browser extension lead to a malicious link being added to the health insurance company Web site? This compromised extension tries to determine if the person using it is typing content into specific Web forms, such as a blog post editing system like WordPress or Joomla. But the extension was sold by the original developer a few years back, and for some reason it’s still available from the Google Chrome store despite multiple recent reports from people blaming it for spreading malicious code. Page Ruler lets users measure the inch/pixel width of images and other objects on a Web page. The extension in question was Page Ruler, a Chrome addition with some 400,000 downloads. The health insurance site was compromised after an employee at the company edited content on the site while using a Web browser equipped with a once-benign but now-compromised extension which quietly injected code into the page. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals. The incident is a reminder that browser extensions - however useful or fun they may seem when you install them - typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month. Blue Shield quickly removed the unauthorized code. Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |